Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Backport 2.x] XContent Refactor #2598

Merged
merged 6 commits into from
Mar 31, 2023
Merged

[Backport 2.x] XContent Refactor #2598

merged 6 commits into from
Mar 31, 2023

Conversation

RyanL1997
Copy link
Collaborator

@RyanL1997 RyanL1997 commented Mar 29, 2023
edited
Loading

Description

Reacts to refactoring done on xcontent classes from core. Many imports from org.opensearch.common.xcontent were switched to org.opensearch.core.xcontent.

  • Category (Enhancement, New feature, Bug fix, Test fix, Refactoring, Maintenance, Documentation)

Build fix

Issues Resolved

Check List

  • New functionality includes testing
  • New functionality has been documented
  • Commits are signed per the DCO using --signoff

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
For more information on following Developer Certificate of Origin and signing off your commits, please check here.

@RyanL1997
XContent Refactor to 2.x
2fdd7b9 
Signed-off-by: Ryan Liang <jiallian@amazon.com>
@RyanL1997
Fix the format
4742b90 
Signed-off-by: Ryan Liang <jiallian@amazon.com>
@RyanL1997
Copy link
Collaborator Author

I will look into the test failure introduced by opensslTest tmr.

@peternied peternied mentioned this pull request Mar 29, 2023
Closed
@RyanL1997
Copy link
Collaborator Author

I'm updating my findings here:
Based on the log, it seems like we couldn't setup the openSSL connection correctly. For this error:

[ERROR][org.opensearch.security.ssl.http.netty.SecuritySSLNettyHttpServerTransport] Exception during establishing a SSL connection: io.netty.handler.ssl.NotSslRecordException: not an SSL/TLS record: 474554202f5f6f70656e64697374726f2f5f73656375726974792f73736c696e666f3f70726574747920485454502f312e310d0a486f73743a203132372e302e302e313a31303237340d0a436f6e6e656374696f6e3a204b6565702d416c6976650d0a557365722d4167656e743a204170616368652d48747470436c69656e742f342e352e313320284a6176612f31312e302e3138290d0a4163636570742d456e636f64696e673a20677a69702c6465666c6174650d0a0d0a

It shows like there is a communication mismatch. I decoded the record, and it gives a http request:

GET /_opendistro/_security/sslinfo?pretty HTTP/1.1
Host: 127.0.0.1:8628
Connection: Keep-Alive
User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.18)
Accept-Encoding: gzip,deflate

I think by enabling the openSSL, we need a https request instead. I was checking thru the code base, and I couldn't find the relate changes about this error. I will keep looking for it tmr.

@RyanL1997
Fix settings
6575a27 
Signed-off-by: Ryan Liang <jiallian@amazon.com>
@RyanL1997 RyanL1997 force-pushed the backport-xcontent-refactoring branch from a7d7a8e to 6575a27 Compare March 30, 2023 21:52
@peternied
Copy link
Member

I've backported the ClusterManager changes into my fork. Assuming the test pass https://github.com/peternied/security/actions/runs/4569414539/jobs/8065642541 I think we should merge that into this branch to move forward.

See original source PR

What do you think @RyanL1997?
FYI: @cwperks @scrawfor99 ?

@peternied peternied mentioned this pull request Mar 30, 2023
Closed
@RyanL1997
Copy link
Collaborator Author

RyanL1997 commented Mar 30, 2023
edited
Loading

Hi, @peternied, I tried to fixed this in the same way as you did, but it didn't work(Actually what I tried for cherry pick was this PR: #2051). According to this PR: opensearch-project/OpenSearch#6853, I think they have modified some of the logics on legacy settings. And I'm look into it to see the root cause.

RyanL1997 and others added 3 commits March 30, 2023 15:23
@RyanL1997
Change the 4th node into a master node
3c1493a 
Signed-off-by: Ryan Liang <jiallian@amazon.com>
@RyanL1997
Covert back to previous setting
55b3a2a 
Signed-off-by: Ryan Liang <jiallian@amazon.com>
@peternied @RyanL1997
Switch to ClusterManager terminology (opensearch-project#2062)
9c59856 
* Cluster manager inclusive checks on codebase

Enforce usage of ClusterManager terminology in the codebase
Include mechanism to disable checkstyle rule

Cross cluster needs to have an additional role in the `node.roles` list,
which I am guessing was backwards compatiable if the legacy versions of
the role assignments were used.  With this change cross cluster tests
properly include this value during setup and the settings for these
values are merged instead of being overridden.

Signed-off-by: Peter Nied <petern@amazon.com>
@codecov-commenter
Copy link

codecov-commenter commented Mar 31, 2023
edited
Loading

Codecov Report

Merging #2598 (9c59856) into 2.x (ed85d06) will decrease coverage by 0.11%.
The diff coverage is 100.00%.

📣 This organization is not using Codecov’s GitHub App Integration. We recommend you install it so Codecov can continue to function properly for your repositories. Learn more

@@             Coverage Diff              @@
##                2.x    #2598      +/-   ##
============================================
- Coverage     61.30%   61.19%   -0.11%     
+ Complexity     3314     3305       -9     
============================================
  Files           258      258              
  Lines         18272    18272              
  Branches       3251     3251              
============================================
- Hits          11201    11182      -19     
- Misses         5496     5508      +12     
- Partials       1575     1582       +7
Impacted Files Coverage Δ
...ic/auth/http/kerberos/HTTPSpnegoAuthenticator.java 0.00% <ø> (ø)
.../opensearch/security/OpenSearchSecurityPlugin.java 79.87% <ø> (ø)
.../action/configupdate/ConfigUpdateNodeResponse.java 77.27% <ø> (ø)
...rity/action/configupdate/ConfigUpdateResponse.java 64.28% <ø> (ø)
...nsearch/security/action/whoami/WhoAmIResponse.java 0.00% <ø> (ø)
...earch/security/auditlog/impl/AbstractAuditLog.java 73.75% <ø> (ø)
...search/security/auditlog/impl/RequestResolver.java 67.61% <ø> (ø)
...ty/configuration/ConfigurationLoaderSecurity7.java 66.39% <ø> (ø)
...security/configuration/DlsFlsFilterLeafReader.java 62.31% <ø> (ø)
...rch/security/configuration/DlsFlsRequestValve.java 0.00% <ø> (ø)
... and 29 more

... and 7 files with indirect coverage changes

Help us with your feedback. Take ten seconds to tell us how you rate us. Have a feature suggestion? Share it here.

@RyanL1997 RyanL1997 merged commit 77bc5b8 into opensearch-project:2.x Mar 31, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@peternied peternied peternied approved these changes

@cliu123 cliu123 Awaiting requested review from cliu123

@cwperks cwperks Awaiting requested review from cwperks cwperks is a code owner

@DarshitChanpura DarshitChanpura Awaiting requested review from DarshitChanpura DarshitChanpura is a code owner

@davidlago davidlago Awaiting requested review from davidlago

@stephen-crawford stephen-crawford Awaiting requested review from stephen-crawford

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@RyanL1997 @peternied @codecov-commenter